CLAIM AMENDMENTS 

Claim Amendment Summary 
Claims pending 

• Before this Amendment: Claims 1-59. 

• After this Amendment: Claims 1, 3, 8-16, 18-35, and 60-74. 
Canceled or Withdrawn claims: 2, 4-7, 17, first claim 36, 
second claim 36, and 37-59. 

Amended claims: 1, 3, 8, 16, and 29. 
New claims: Claims 60-74. 

Claims: 

1. (Currently Amended) A process for requesting 
authentication which can decrease problems associated with sham 
authentication requests, the process comprising: 

transmitting data from a hash digest formed using client-specific 
data together with second client specific data; 

receiving, in response to transmitting, an indication of acceptance 
when the data from the hash digest corresponds to a valid client 
authentication request; and 

prior to transmitting, computing the hash digest using the client 
name, client key and a function of time, and wherein transmitting includes 
transmitting a current time. 

2. (Canceled) 

3. (Currently Amended) The process of claim 1, further 
comprising, prior to transmitting, wherein computing the hash digest 
includes using an HMAC algorithm and wherein the data from the hash 
digest include a truncated hash digest. 

4. (Canceled) 

5. (Canceled) 

6. (Canceled) 

7. (Canceled) 

8. (Currently Amended) A process for requesting 
authentication which can decrease problems associated with sham 
authentication requests, the process comprising: 

transmitting a hash digest formed from first client-specific data 
together with second client specific data; 

receiving, in response to transmitting, an indication of acceptance 
when the hash digest and second client-specific data correspond to a valid 
client authentication request; and 

receiving, in response to transmitting, a denial of 
authentication when the hash digest or the second client-specific data do 
not correspond to a valid client authentication request. 

9. (Original) The process of claim 8, further comprising, prior 
to transmitting, computing the hash digest from first client-specific data 
and a time-varying function. 

10. (Original) The process of claim 8, wherein transmitting a 
hash digest includes transmitting a hash digest computed using first client 
specific data comprising a valid client name together with a client key. 

11. (Original) The process of claim 8, wherein transmitting a 
hash digest comprises transmitting a hash digest formed using an HMAC 
algorithm. 

12. (Original) The process of claim 8, wherein transmitting a 
hash digest comprises transmitting a hash digest computed using first 
client-specific data comprising a valid client name together with a key 
corresponding to the valid client name and a current time. 

13. (Original) The process of claim 8, wherein transmitting a 
hash digest comprises transmitting a hash digest computed using first 
client-specific data comprising a valid client name together with a key 
corresponding to the valid client name, and a current time, and wherein 
transmitting includes transmitting the current time. 

14. (Original) The process of claim 8, wherein transmitting 
comprises transmitting the hash digest together with a valid client name 
corresponding to the hash digest. 

15. (Original) The process of claim 8, wherein transmitting a 
hash digest comprises transmitting a valid client name together with a 
hash digest computed using an HMAC algorithm and first client-specific 
data comprising a valid client name together with a key corresponding to 
the valid client name, and a current time. 

16. (Currently Amended) A process for verification of a client 
authentication request by a server which can decrease problems 
associated with sham authentication requests, the process comprising: 

receiving, in the server, a client authentication request including 
client-specific data; 

comparing the client specific data to data stored in a first cache 
memory coupled to the server to determine that the client specific data 
meet a first threshold of validity; 

when comparing determines that the client specific data meet the 
first threshold of validity, proceeding with the authentication process; and 

when comparing determines that the client specific data do not meet 
the first threshold of validity, then storing a portion of the client specific 
data in a second cache memory along with an indication that the client 
specific data do not correspond to a valid client, the portion of the client 
specific data stored in a second cache memory identifying a client name 
associated with the client authentication request and associating the client 
name with a valid indication regardless of whether the client specific data 
included valid proof of knowledge of privileged data, and then terminating 
the verification process. 

17. (Canceled) 

18. (Original) The process of claim 16, wherein: 

proceeding with the authentication process comprises second 
comparing the client specific data with data stored in a second cache 
memory to determine when the client specific data meet a second 
threshold of validity and when the client specific data correspond to an 
identity previously determined to be valid or invalid; and 

when the client specific data meet the second threshold, 
transmitting a request for verification to a database containing client- 
specific data; and 

when the client specific data correspond to an identity previously 
determined to be invalid, terminating the authentication request. 

19. (Original) The process of claim 16, wherein receiving 
comprises receiving data including one or more of: a name, a NameHash, 
a truncation of a NameHash, a NameKeyHash, a truncation of a 
NameKeyHash, a TimedNameKeyHash, a truncation of a 
TimedNameKeyHash or a time. 

20. (Original) The process of claim 16, wherein receiving 
comprises receiving a TimedNameKeyHash. 

21. (Original) The process of claim 16, wherein receiving 
comprises receiving a TimedNameKeyHash and a current time. 



Serial No.: 10/608,653 

Atty Docket No.: MS1-1430US 

Response to Non-Final Office Action dated 10/26/2006 



lee@hayes The Business of IP™ 



22. (Original) The process of claim 16, wherein comparing the 
client specific data to data stored in a first cache memory comprises 
comparing a TimedNameKeyHash contained in the authentication request 
to a function of a stored NameKeyHash and a current time. 

23. (Original) The process of claim 16, wherein receiving client 
specific data includes receiving a current time, and further comprising 
determining when the received current time disagrees with another 
current time used by the authentication server, and, when the received 
current time and the another current time disagree, sending the another 
current time to an originator of the authentication request. 
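
Added illustration, not part of the filed claims or the applicant's own code: one way the timed hash of claims 1 and 3 and the server-side checks of claims 22 and 23 could be realized in Python. HMAC-SHA-256, the 60-second time step, the 8-byte truncation, the one-step skew tolerance and every function and class name are assumptions; the claims fix none of them.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60  # assumed: seconds per time bucket ("function of time")
TRUNC = 8       # assumed: bytes kept from the digest (truncated hash digest)
MAX_SKEW = 1    # assumed: buckets of clock disagreement tolerated


def name_key_hash(name: str, key: bytes) -> bytes:
    """NameKeyHash: assumed here to be HMAC(key, name)."""
    return hmac.new(key, name.encode(), hashlib.sha256).digest()


def timed_name_key_hash(nkh: bytes, t: int) -> bytes:
    """TimedNameKeyHash: a function of a NameKeyHash and a time, truncated."""
    bucket = struct.pack(">Q", t // TIME_STEP)
    return hmac.new(nkh, bucket, hashlib.sha256).digest()[:TRUNC]


def build_request(name: str, key: bytes, now: int) -> dict:
    """Client side: send the name, the current time and the truncated digest."""
    tnkh = timed_name_key_hash(name_key_hash(name, key), now)
    return {"name": name, "time": now, "tnkh": tnkh}


class PrefilterServer:
    """Server side: the first cache holds a NameKeyHash per valid client name."""

    def __init__(self):
        self.first_cache = {}

    def add_client(self, name: str, key: bytes) -> None:
        self.first_cache[name] = name_key_hash(name, key)

    def check(self, req: dict, server_now: int):
        # Claim 23: when the clocks disagree, return the server's time
        # to the originator instead of evaluating the digest.
        skew = abs(req["time"] // TIME_STEP - server_now // TIME_STEP)
        if skew > MAX_SKEW:
            return ("time_mismatch", server_now)
        nkh = self.first_cache.get(req["name"])
        if nkh is None:
            return ("reject", None)
        # Claim 22: compare the received TimedNameKeyHash to a function
        # of the stored NameKeyHash and the time.
        expected = timed_name_key_hash(nkh, req["time"])
        if hmac.compare_digest(expected, req["tnkh"]):
            return ("proceed", None)
        return ("reject", None)


if __name__ == "__main__":
    srv = PrefilterServer()
    srv.add_client("alice", b"constructed-sample-key")  # constructed sample data
    req = build_request("alice", b"constructed-sample-key", 1_000_000)
    print(srv.check(req, 1_000_010))
    print(srv.check(req, 1_000_600))
```

Because the digest is bound to the time bucket, a captured request replayed with a fresh timestamp fails the comparison, and one replayed with its original timestamp fails the skew check once the window has passed.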

24. (Original) A process for updating a cache memory 
associated with an authentication server comprising: 

sending a request to a database containing information describing 
authentic users, the request requesting information associated with 
authentic users that have been entered in the database after a 
predetermined time; 

receiving data corresponding to authentic users where the data have 
been entered to the database after the predetermined time; and 

storing at least a portion of the received data in the cache memory. 

25. (Original) The process of claim 24, wherein sending a 
request comprises sending a request for information associated with 
authentic users that have been added to the database since a previous 
such request was made. 

26. (Original) The process of claim 24, wherein receiving 
comprises receiving a name and a key and the name, and further 
comprising: 

forming a hash digest using the name and a random session key; 
and 

storing client-specific data in the cache memory such that the hash 
digest may be used as a cachekey to access the client-specific data. 

27. (Original) The process of claim 24, further comprising 
computing a hash digest from a valid user name contained in the received 
data and a random session key stored in the authentication server. 

28. (Original) The process of claim 24, further comprising: 

computing a hash digest from one or more of a valid user name, an 
associated key and a random session key, 

truncating the hash digest; and 

storing client-specific data in the cache memory such that the 
truncated hash digest may be used as a cachekey to access the client- 
specific data. 

29. (Currently Amended) One or more computer-readable 
media having at least one tangible component and including instructions 
that, when executed by one or more processors, causes the one or more 
processors to: 

form an encrypted data string including first client-specific 
information; 

transmit a message including credentials formed using the encrypted 
data string together with second client-specific information; and 

receive an authentication for system access, in response to the 
message, when the credentials are valid; 

receive a denial of authentication for system access, in response to 
the message, when the credentials are invalid; and 

store a portion of the client specific data in a cache memory along 
with an indication that the client specific data do not correspond to a valid 
client, the portion of the client specific data stored in the cache memory 
identifying a client name associated with the first client-specific information 
and associating the client name with a valid indication regardless of 
whether the first client-specific information included valid proof of 
knowledge for accessing privileged data. 



30. (Original) The computer-readable media of claim 29, 
wherein the code configured to cause the one or more processors to form 
an encrypted data string comprises code configured to cause the one or 
more processors to form a hash digest from a function of time and a client 
key. 

31. (Original) The computer-readable media of claim 29, 
wherein the code configured to cause the one or more processors to form 
an encrypted data string comprises code configured to cause the one or 
more processors to form an encrypted data string from one or more of: a 
name, a NameHash, a truncation of a NameHash, a NameKeyHash, a 
truncation of a NameKeyHash, a TimedNameKeyHash, a truncation of a 
TimedNameKeyHash or a time. 

32. (Original) The computer-readable media of claim 29, 
wherein the code configured to cause the one or more processors to form 
an encrypted data string comprises code configured to cause the one or 
more processors to form an encrypted data string using a one-way hash 
function. 

33. (Original) The computer-readable media of claim 29, 
wherein the code configured to cause the one or more processors to form 
an encrypted data string comprises code configured to cause the one or 
more processors to form a hash digest using an HMAC algorithm. 

34. (Original) The computer-readable media of claim 29, 
wherein the code configured to cause the one or more processors to form 
an encrypted data string comprises code configured to cause the one or 
more processors to form an encrypted data string using a valid client name 
and a current time together with a key corresponding to the valid client 
name. 

35. (Original) The computer-readable media of claim 29, 
wherein the code configured to cause the one or more processors to form 
an encrypted data string comprises code configured to cause the one or 
more processors to form an encrypted data string using a key 
corresponding to the valid client name and a current time. 

36-59. (Canceled) 

60. (New) The computer-readable media of claim 29, wherein 
the code configured to cause the one or more processors to transmit 
comprises code that is configured to cause the one or more processors to 
transmit a plaintext client name as a portion of the second client-specific 
data. 

61. (New) A computer system comprising: 
an authentication server; and 

a primary cache memory coupled to the authentication server, 
wherein the authentication server is configured to: 

receive a client authentication request including client-specific 
data; 

compare the client specific data to data stored in a first cache 
memory coupled to the server to determine that the client specific 
data meet a first threshold of validity; 

when comparing determines that the client specific data 
meet the first threshold of validity, proceed with 
authentication; and 

when comparing determines that the client specific data 
do not meet the first threshold of validity, terminate 
authentication and deny the authentication request; 

second compare the client specific data with data stored in 
the second cache memory to determine when the client specific data 
meet a second threshold of validity and when the client specific data 
correspond to an identity previously determined to be valid or 
invalid; 

when the client specific data meet the second 
threshold, transmit a request for verification to a database 
containing client-specific data; and 

when the client specific data correspond to an identity 
previously determined to be invalid, terminate the 
authentication request. 

62. (New) The computer system of claim 36, wherein the 
authentication server is configured to employ a first, plaintext portion of 
the client-specific data as a cachekey to obtain related encrypted client- 
specific data from the first cache memory. 

63. (New) The computer system of claim 36, wherein the 
authentication server is further configured to store at least some of the 
client specific data in a second cache memory along with an indication that 
the client specific data do not correspond to a valid client when comparing 
determines that the client specific data do not meet the first threshold. 

39. (Canceled) 

64. (New) The computer system of claim 36, wherein the client- 
specific data includes a NameKeyHash that is also a function of time. 

65. (New) The computer system of claim 36, wherein the client- 
specific data includes a TimedNameKeyHash. 

66. (New) The computer system of claim 36, wherein the client- 
specific data includes a TimedNameKeyHash and a current time is included 
with the client-specific data. 

67. (New) The computer system of claim 36, wherein the client 
specific data stored in the first cache memory comprises a NameKeyHash, 
and wherein the authentication server is configured to form a 
TimedNameKeyHash from the NameKeyHash and to compare the formed 
TimedNameKeyHash to a portion of the client-specific data. 

68. (New) The computer system of claim 36, wherein the client 
specific data includes a current time, and wherein the authentication 
server is further configured to determine when the received current time 
disagrees with another current time used by the authentication server, and 
when the received current time and the another current time disagree, 
send the another current time to an originator of the authentication 
request. 






69. (New) A process for verification of a client authentication 
request by a server which can decrease problems associated with sham 
authentication requests, the process comprising: 

receiving, in the server, a client authentication request including 
client-specific data comprising a name or hash of the name along with a 
client key or some proof of knowledge which identifies the client key; 

comparing the client specific data to data stored in a first cache 
memory coupled to the server to determine that the client specific data 
meet a first threshold of validity, wherein the first cache memory stores 
names and keys of valid clients, and wherein the first cache memory uses 
the name or the hash of the name as a cachekey to access the first cache 
memory; 

when comparing determines that the client specific data meet the 
first threshold of validity since the name and the client key identified in the 
client authentication request corresponds to a valid entry in the first cache 
memory, proceeding with the authentication process; and 

when comparing determines that the client specific data do not meet 
the first threshold of validity since the name and the client key identified in 
the client authentication request does not correspond to a valid entry in 
the first cache memory, then storing the name and the client key in a 
second cache memory along with validity/invalidity indicators, wherein the 
name stored in the second cache memory is associated with a valid 
indication regardless of whether the client key or the proof of knowledge 
for the client key matches data in an associated authentication database, 
and then terminating the verification process. 

70. (New) A process for authenticating a user which can 
decrease problems associated with sham authentication requests, the 
process comprising: 

receiving an authentication request including first client specific data 
comprising at least one of a client name and proof of knowledge of a 
client key; 

computing a NameHash using the received client name and a 
random session key; 

using data corresponding to the NameHash as a cachekey to access 
first validity threshold data from a first cache memory; 

comparing the first validity threshold data to the first client specific 
data; and 

when comparing determines that the first client specific data do not 
meet the first threshold of validity, then storing a portion of the client 
specific data in a second cache memory along with an indication that the 
client specific data do not correspond to a valid client, the portion of the 
client specific data stored in a second cache memory identifying a client 
name associated with the client authentication request and associating the 
client name with a valid indication regardless of whether the client specific 
data included valid proof of knowledge of privileged data, and then 
terminating the verification process. 

71. (New) The process of claim 50, further comprising, when the 
first validity data do not match the first client data, storing the client key 
and a CredentialInvalidFlag in a second cache memory. 

72. (New) The process of claim 50, further comprising, when the 
first validity data do match the first client data, employing the client name 
as a cachekey to access second client validity data from a second cache 
memory. 

73. (New) The process of claim 50, further comprising, when the 
first validity data do match the first client data, employing the client name 
as a cachekey to access second client validity data from a second cache 
memory, wherein the second client validity data comprise a stored copy of 
a client key. 

74. (New) The process of claim 50, wherein using data 
corresponding to the NameHash as a cachekey comprises using a 
truncation of the NameHash to access first validity threshold data from a 
first cache memory. 